Hi all, some years ago, maybe in 2009, I started reading the reverse engineering tutorials from Ricardo Narvaja.
Starting learning reverse engineering
Some of them were translated to Portuguese, but fewer than I expected, so I searched for the author of the tutorials and found Ricardo Narvaja.
When I started reading the tutorials, most of it was Chinese to me; it was really hard to understand and replicate in OllyDbg. But with a little patience I was able to solve my first crackme. I felt like a king, because this was a really nice experience. Unfortunately, I didn't have much time to learn more, and the resources in 2009 weren't easy to find, so I had to put reverse engineering on standby.

Reversed my first application
Some years later, I was playing a game on a private server, and that server had an application that logged my account in to their server; if I didn't use the application, I wasn't able to enter the server.
This application grabbed my MAC address and sent it to the server, and this functionality allowed the owner of the server to ban my account.
My account was banned because I was caught using cheats in the game, so I didn't have a way to play the game again. :cry:
I started thinking: what can I do now?
- Change my mac address?
- Try to understand how application works?
I chose the second option, because it is more challenging.
Reverse application
I started by using PEiD to detect which compiler was used to build the application.
Boom, the application is made using C# .NET.
I tried a simple test to check if my theory was right: disconnect the internet and open the application. BOOM, an error appeared on the screen, and this error showed an Internet Explorer page.
So, what information do I have at this moment?
- Compiled with C# .NET
- Uses a Web Browser component from the .NET Framework
When we have an internet connection, the Web Browser inside the app renders a webpage, so I just need to get the URL and modify the information sent.
Decompilers
In that year, 2011, I found a decompiler, .NET Reactor. I decompiled the application, but I wasn't able to retrieve the link to the server from the code.
Other alternatives
My alternative was to use an internet sniffer; I found an application for Windows called Fiddler.
I tested the application with this sniffer and was able to retrieve the secret URL.
The URL worked like: http://server.com/login.php?mac=mac_address&username=emanuelx&passe=123
I created a simple app to generate a fake MAC address every time the application is opened, and this worked perfectly.
Some days after this, I was caught with this app and banned again.
The owner of the server created a version 2 of this tool, but I was able to crack this version too; I will create another post about the new cracked application.
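
As an added example, not code from the original post or from the game server: the `mac` value in the login URL above is supplied by the client, so a server operator cannot treat it as a stable identifier, but can flag accounts whose reported MAC keeps changing. The request lines, usernames and threshold below are constructed for illustration; the post does not say how the second ban was actually triggered.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed request targets in the login.php?mac=...&username=... shape
# described in the post (sample data, not real traffic).
SAMPLE_REQUESTS = [
    "/login.php?mac=02-11-22-33-44-55&username=player_a&passe=REDACTED",
    "/login.php?mac=5E-AA-BB-CC-DD-01&username=player_a&passe=REDACTED",
    "/login.php?mac=00-1A-2B-3C-4D-5E&username=player_a&passe=REDACTED",
    "/login.php?mac=A4-5E-60-11-22-33&username=player_a&passe=REDACTED",
    "/login.php?mac=02:11:22:33:44:55&username=player_a&passe=REDACTED",
    "/login.php?mac=3C-52-82-0A-0B-0C&username=player_b&passe=REDACTED",
    "/login.php?mac=3c:52:82:0a:0b:0c&username=player_b&passe=REDACTED",
]

def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = raw.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        return None
    return digits

def is_locally_administered(mac):
    """True if the U/L bit (0x02 of the first octet) is set, i.e. the
    address was assigned in software rather than by the NIC vendor."""
    return bool(int(mac[:2], 16) & 0x02)

def find_rotating_accounts(requests, max_distinct=2):
    """Map each username with more than max_distinct MACs to a summary."""
    macs_by_user = defaultdict(set)
    for target in requests:
        query = parse_qs(urlsplit(target).query)
        user = query.get("username", [None])[0]
        mac = normalize_mac(query.get("mac", [""])[0])
        if user is None or mac is None:
            continue  # incomplete or malformed request; not counted here
        macs_by_user[user].add(mac)
    return {
        user: {
            "distinct_macs": len(macs),
            "locally_administered": sum(map(is_locally_administered, macs)),
        }
        for user, macs in macs_by_user.items()
        if len(macs) > max_distinct
    }

if __name__ == "__main__":
    print(find_rotating_accounts(SAMPLE_REQUESTS))
```

The locally-administered count is only a supporting signal, since operating systems that randomize MAC addresses set the same bit on legitimate devices.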